<?php
	
	//Include database connection details
	require_once('bootstrap.php');
	
	
	global $db;
	
	//Array to print errors to page
	$errMsgArr = array();
	//number of errors
	$errNum = 0;
	
	//array to hold customers for given user
	$myArrayCustomer = array();
	
	//if no login or password then add a message to the errMsgArr which will
	//be passed to the view and printed
	if(!isset($_POST['login']) || $_POST['login'] ==''){
		$errMsgArr[] = 'Login ID Missing';
		$errNum += 1;
	}	
	if(!isset($_POST['password']) || $_POST['password'] =='' || $_POST['password'] == 'd41d8cd98f00b204e9800998ecf8427e'){
		$errMsgArr[] = 'Password Missing';
		$errNum += 1;
	}

	$user = $_POST['login'];
	$pw = $_POST['password'];
	
	
	$prep = $db->prepare("SELECT * FROM `user` WHERE EMAIL_ADDRESS = :id AND PASSWORD = :pw ; ");

	//LOOK FOR USERNAME AND PW IN DATABASE THEN CALL OUTPUTXML BASED ON RESULTS
	if ($prep->execute(array(":id" => $user, ":pw" => $pw))) {
		if($prep->rowCount() == 1){
			$memberInfo = $prep->fetch(PDO::FETCH_ASSOC);
			//CREATE AUTH KEY BASED ON USERNAME . PASSWORD . CONTROL STRING . CURRENT TIME
			//AND SAVE IN THE DATABASE
			$controlString = "3p1XyTiBj01EM0360lFw";
			$user = strtoupper($memberInfo['EMAIL_ADDRESS']);
			$pw = $memberInfo['PASSWORD'];
			$AUTH_KEY = md5($user.$pw.$controlString);
			$memberInfo['AUTHKEY'] = $AUTH_KEY;
			
			//DEPENDING ON TYPE GRAB THEIR PERSONAL ID
			$qry = "SELECT CUSTOMER_ID FROM `user_customer` WHERE USER_ID=:id";
			
			$prep = $db->prepare($qry);
			
			if ( $prep->execute(array( ":id" => $memberInfo['USER_ID'] ))) {
					
					while(($info = $prep->fetch(PDO::FETCH_ASSOC))){
						$myArrayCustomer[] = $info['CUSTOMER_ID'];
					}
					
			} else {				
				$error = $prep->errorInfo();
				$errMsgArr[] = $error[2];
				$errNum += 1;	
			}		
			
			
			//DEPENDING ON TYPE GRAB THEIR PERSONAL ID
			$qry = "UPDATE `user` SET LAST_LOGIN=NOW() WHERE USER_ID=:id";
			
			$prep = $db->prepare($qry);
			
			if ( $prep->execute(array( ":id" => $memberInfo['USER_ID'] )) ) {		
			} else {				
				$error = $prep->errorInfo();
				$errMsgArr[] = $error[2];
				$errNum += 1;		
			}	
			
		} else {
			$errMsgArr[] = 'Login and Password Incorrect' . $user . ' --- ' . $pw;
			$errNum += 1;
		}
	} else {
		$error = $prep->errorInfo();
		$errMsgArr[] = $error[2];
		$errNum += 1;	
	}
	
	if($errNum == 0) {
		//Login Successful
		//if member profile locked send to proper screen
		 
			///set up session variables
			//SESS_PERSONAL_ID is like doctor id nurse id .....depending on type
			session_unset();
			session_regenerate_id();		
			$_SESSION['SESS_USER_ID'] = $memberInfo['USER_ID'];
			$_SESSION['SESS_FIRST_NAME'] = $memberInfo['FIRST_NAME'];			
			$_SESSION['SESS_LAST_NAME'] = $memberInfo['LAST_NAME'];
			$_SESSION['SESS_EMAIL_ADDRESS'] = $memberInfo['EMAIL_ADDRESS'];
			$_SESSION['SESS_LAST_LOGIN'] = $memberInfo['LAST_LOGIN'];
			$_SESSION['SESS_CUSTOMER_ID'] = $myArrayCustomer;
			$_SESSION['SESS_AUTH_KEY'] = $memberInfo['AUTHKEY'] ;
			session_write_close();
			//print_r($_SESSION);
			header("location: memberProfileView.php");
		
		//Login failed
			
	}else {
	
			//login failed...output error to screen
			$_SESSION['ERRMSG_ARR'] = $errMsgArr;
			session_write_close();
			print_r($_SESSION['ERRMSG_ARR'] );
			
			header("location: index.php");
			exit();
	}

?>
	